10.7. Password Authenticator
- Implementation
- Configuration

10.7. Password Authenticator

Presto supports authentication with a username and password via a custompassword authenticator that validates the credentials and creates a principal.

Implementation

PasswordAuthenticatorFactory is responsible for creating aPasswordAuthenticator instance. It also defines the name of thisauthenticator which is used by the administrator in a Presto configuration.

PasswordAuthenticator contains a single method, createAuthenticatedPrincipal(),that validates the credential and returns a Principal, which is thenauthorized by the System Access Control.

The implementation of PasswordAuthenticatorFactory must be wrappedas a plugin and installed on the Presto cluster.

Configuration

After a plugin that implements PasswordAuthenticatorFactory has beeninstalled on the coordinator, it is configured using anetc/password-authenticator.properties file. All of theproperties other than access-control.name are specific to thePasswordAuthenticatorFactory implementation.

The password-authenticator.name property is used by Presto to find aregistered PasswordAuthenticatorFactory based on the name returned byPasswordAuthenticatorFactory.getName(). The remaining properties arepassed as a map to PasswordAuthenticatorFactory.create().

Example configuration file:

password-authenticator.name=custom-access-control
custom-property1=custom-value1
custom-property2=custom-value2

Additionally, the coordinator must be configured to use password authenticationand have HTTPS enabled.